Skills
skills/yuniorglez/gemini-elite-core/commit-sentinel/Gen Agent Trust Hub

commit-sentinel

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill instructs the agent to execute bun run lint and bun test on local repository files. This execution environment can be exploited if repository configuration files or test scripts are maliciously modified.
  • EXTERNAL_DOWNLOADS (LOW): Recommends the use of bun x tsc to execute the TypeScript compiler. This involves fetching packages from a public registry. While tsc is a standard tool, it is flagged as a potential vector for tool spoofing; however, severity is downgraded per TRUST-SCOPE-RULE.
  • PROMPT_INJECTION (HIGH): The skill is susceptible to Indirect Prompt Injection through repository content. 1. Ingestion points: Analyzes git diff output and project source code. 2. Boundary markers: None; the skill does not specify how to distinguish between instructions and data in the repository. 3. Capability inventory: High privilege subprocess execution (bun, git) and repository modification (git commit, git rebase). 4. Sanitization: None.
  • DYNAMIC_EXECUTION (MEDIUM): Utilizes git bisect run to automate execution of bun test across repository history. This creates a loop where code from various historical states is executed automatically.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 09:20 AM